Beware of Free VPNs that Install Malicious Botnets

Virtual Private Networks (VPNs) have become essential tools for internet users. However, the allure of free VPN services can sometimes lead to unexpected and dangerous consequences.

This article delves into the hidden risks of free VPNs, highlighting a significant incident involving the 911 S5 botnet and other malicious activities.

The saying “There’s no such thing as a free lunch” has evolved into “If you’re not paying for the product, you are the product” in the digital age. This hypothesis is particularly relevant to VPN services.

Maintaining a global network of servers and handling encrypted traffic is costly. When users aren’t asked to pay for these services, there is often a hidden catch.

The 911 S5 Botnet: A Case Study

In May 2024, the FBI, in collaboration with international law enforcement, dismantled the 911 S5 botnet. This network spanned 19 million unique IP addresses across over 190 countries, making it one of the largest botnets ever.

According to Kaspersky reports, the botnet’s creators used several free VPN services, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN, to build their malicious network.

Users who installed these free VPN apps unknowingly turned their devices into proxy servers, channeling someone else’s traffic.

Cybercriminals paid the 911 S5 organizers for access to these proxy servers, using them for illicit activities such as cyberattacks, money laundering, and mass fraud. As a result, users became unwitting accomplices in these crimes.

The 911 S5 botnet began operations in May 2014, and the free VPN apps have circulated since 2011. Despite a temporary takedown in 2022, the botnet resurfaced under the alias CloudRouter.

By the time the FBI dismantled the botnet in 2024, it had earned its creators an estimated $99 million. The confirmed losses to victims amounted to several billion dollars.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

911 S5 botnet proxy rental prices
911 S5 botnet proxy rental prices

Infected VPN Apps on Google Play

The 911 S5 botnet is not an isolated incident. In March 2024, a similar scheme involving several dozen apps on Google Play was uncovered. Among these apps, free VPNs constituted the bulk of the infected ones.

The list included:

  • Lite VPN
  • Byte Blade VPN
  • BlazeStride
  • FastFly VPN
  • FastFox VPN
  • FastLine VPN
  • Oko VPN
  • Quick Flow VPN
  • Sample VPN
  • Secure Thunder
  • ShineSecure VPN
  • SpeedSurf
  • SwiftShield VPN
  • TurboTrack VPN
  • TurboTunnel VPN
  • YellowFlash VPN
  • VPN Ultra
  • Run VPN
Infected VPN Apps
Infected VPN Apps

There were two primary modes of infection. Earlier versions of the apps used the ProxyLib library to transform devices into proxy servers.

More recent versions employed an SDK called LumiApps, which ostensibly offered monetization through hidden pages but turned devices into proxy servers.

Consequences for Users

The infected VPN apps were removed from Google Play after publishing the report. However, they continue circulating on alternative platforms like APKPure, sometimes under different developer names. This persistence underscores the ongoing threat posed by malicious free VPN apps.

Oko VPN on APKPure
Oko VPN on APKPure

Given the risks associated with free VPNs, investing in a reputable, paid VPN service is the optimal solution. Paid VPNs are more likely to offer robust security features, reliable performance, and transparent privacy policies.

They are also less likely to engage in malicious activities, as their revenue model relies on user subscriptions rather than hidden monetization schemes.

Benefits of Paid VPNs

  1. Enhanced Security: Paid VPNs typically offer advanced encryption, secure protocols, and additional security features like kill switches and DNS leak protection.
  2. Better Performance: With dedicated servers and optimized networks, paid VPNs provide faster and more reliable connections.
  3. Transparent Privacy Policies: Reputable paid VPNs are upfront about their data collection practices and often adhere to strict no-logs policies.
  4. Customer Support: Paid VPN services usually offer customer support to address issues or concerns.

While the promise of free VPN services may be tempting, the hidden costs can be significant. The 911 S5 botnet and other malicious activities highlight the dangers of using free VPNs.

By investing in a reputable, paid VPN service, users can ensure their online privacy and security without falling victim to hidden threats.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

The post Beware of Free VPNs that Install Malicious Botnets appeared first on Cyber Security News.